Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • BIND BIND
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 530
    • Issues 530
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 102
    • Merge requests 102
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • ISC Open Source Projects
  • BINDBIND
  • Issues
  • #3349
Closed
Open
Created May 13, 2022 by Michał Kępień@michalOwner

"managed-keys" zone is created even with "dnssec-validation no;"

With the following configuration file:

options {
	dnssec-validation no;
};

named logs the following lines upon startup:

13-May-2022 07:06:05.967 set up managed keys zone for view _default, file 'managed-keys.bind'
13-May-2022 07:06:05.971 managed-keys-zone: loaded serial 0

and indeed creates a zone attached to the _default view which only contains a SOA record.

The same thing happens for dnssec-validation yes;.

This is harmless, but confusing at best, for two reasons:

  1. The managed-keys.bind file is never written to, despite what the log message suggests.

  2. No managed keys are ever refreshed or used.

Introduced by commit 778a01b1, i.e. in BIND 9.7.1.

See also #1961 for more logging confusion related to RFC 5011.

Assignee
Assign to
Time tracking